lambda: Lambdas can connect and execute queries against RDS without any related IAM policies #27022
Labels
@aws-cdk/aws-lambda
Related to AWS Lambda
bug
This issue is a bug.
closed-for-staleness
This issue was automatically closed because it hadn't received any attention in a while.
response-requested
Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Describe the bug
Recently I moved a few of my Lambdas into the same VPC as the RDS, as suggested by cdk-nag. Then, to adjust RDS permissions on those Lambdas, I removed all the RDS IAM policies they initially had and ran some tests. They were still able to connect to the RDS and run queries, even without any RDS-related IAM permissions.
Expected Behavior
Lambdas without proper RDS IAM permissions should not be able to connect to RDS or run queries in RDS. They should log an error and specify which permissions are missing.
Current Behavior
Lambdas can connect and execute queries on RDS without any RDS-related policies.
Reproduction Steps
Deploy a Lambda with code to connect to RDS and run a query, without any RDS policies.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.93.0
Framework Version
No response
Node.js Version
18
OS
macOS
Language
TypeScript
Language Version
4.9.5
Other information
No response